package com.supwisdom.institute.poa.domain.accesstoken;

import com.supwisdom.institute.poa.domain.oauth2client.OAuth2Client;
import com.supwisdom.institute.poa.domain.oauth2client.OAuth2ClientRepository;
import com.supwisdom.institute.poa.domain.support.OAuth2Utils;
import com.supwisdom.institute.poa.domain.support.Token;
import java.util.HashSet;
import java.util.Optional;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import reactor.core.publisher.Mono;
import reactor.core.scheduler.Schedulers;

/* loaded from: input_file:BOOT-INF/lib/platform-openapi-domain-0.1.0.jar:com/supwisdom/institute/poa/domain/accesstoken/AccessTokenServiceImpl.class */
public class AccessTokenServiceImpl implements AccessTokenService {
    private static final int EXPIRES_IN_SECONDS = 3600;
    private static final long EXPIRES_IN_MILLIS = 3600000;
    private static final int MAX_RETRIES = 5;
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) AccessTokenService.class);
    private static final String GRANT_TYPE = "client_credentials";
    private OAuth2ClientRepository clientRepository;
    private AccessTokenRepository accessTokenRepository;

    public AccessTokenServiceImpl(OAuth2ClientRepository oAuth2ClientRepository, AccessTokenRepository accessTokenRepository) {
        this.clientRepository = oAuth2ClientRepository;
        this.accessTokenRepository = accessTokenRepository;
    }

    @Override // com.supwisdom.institute.poa.domain.accesstoken.AccessTokenService
    public Mono<AccessTokenIssueRejection> check(AccessTokenIssueCmd accessTokenIssueCmd) {
        return !GRANT_TYPE.equals(accessTokenIssueCmd.getGrantType()) ? Mono.just(AccessTokenIssueRejection.UNSUPPORTED_GRANT_TYPE) : this.clientRepository.getById(accessTokenIssueCmd.getClientId()).map(oAuth2Client -> {
            return Optional.of(oAuth2Client);
        }).defaultIfEmpty(Optional.empty()).flatMap(optional -> {
            if (!optional.isPresent()) {
                return Mono.just(AccessTokenIssueRejection.CLIENT_NOT_EXIST);
            }
            OAuth2Client oAuth2Client2 = (OAuth2Client) optional.get();
            return !oAuth2Client2.getClientSecretHash().equals(OAuth2Utils.base64Decode_sha256_base64Encode(accessTokenIssueCmd.getClientSecret())) ? Mono.just(AccessTokenIssueRejection.CLIENT_AUTHC_FAILED) : !oAuth2Client2.getScopes().containsAll(accessTokenIssueCmd.getScopes()) ? Mono.just(AccessTokenIssueRejection.INVALID_SCOPE) : Mono.empty();
        });
    }

    @Override // com.supwisdom.institute.poa.domain.accesstoken.AccessTokenService
    public Mono<AccessTokenIssueResp> issue(AccessTokenIssueCmd accessTokenIssueCmd) {
        return Mono.fromCallable(() -> {
            Token generateToken;
            int i = 0;
            AccessToken accessToken = new AccessToken();
            accessToken.setClientId(accessTokenIssueCmd.getClientId());
            accessToken.setRevoked(false);
            accessToken.setScopes(new HashSet(accessTokenIssueCmd.getScopes()));
            do {
                i++;
                if (i > 5) {
                    LOGGER.error("Could not generate AccessToken in 5 times. ClientId: {}", accessTokenIssueCmd.getClientId());
                    return null;
                }
                generateToken = OAuth2Utils.generateToken();
                long currentTimeMillis = System.currentTimeMillis();
                accessToken.setTokenHash(generateToken.getTokenHash());
                accessToken.setCreatedAt(currentTimeMillis);
                accessToken.setExpiresAt(currentTimeMillis + 3600000);
            } while (!Boolean.TRUE.equals((Boolean) this.accessTokenRepository.save(accessToken).block()));
            String str = (String) this.clientRepository.getLastTokenHash(accessTokenIssueCmd.getClientId()).block();
            if (str != null) {
                this.accessTokenRepository.revokeByHash(str).block();
            }
            this.clientRepository.updateLastTokenHash(accessTokenIssueCmd.getClientId(), accessToken.getTokenHash()).block();
            return new AccessTokenIssueResp(generateToken.getToken(), 3600L);
        }).publishOn(Schedulers.elastic());
    }
}
